Data security has become a serious concern for enterprises around the globe. As data volumes rise, so does the demand for genuinely effective security controls, especially as traditional anti-virus tools struggle against threats such as ransomware and, being endpoint file scanners, offer no answer to DDoS attacks at all.

CrowdStrike, a major US-based security company, recently rolled out its endpoint detection and response (EDR) solution in India. The product relies on machine learning and AI rather than signatures to detect and block attacks: a 23 MB sensor gives real-time visibility into enterprise endpoints and mitigation on them.

“Crowdstrike stops breaches at scale using cloud and machine learning. The solution does not require signature updates and frees the network of many resources. It is only a 23 MB software which takes only 4 MB of network telemetry data in 24 hours,” said Geoff Swaine, Channel and Alliances Director, Asia Pacific and Japan, CrowdStrike.


Advanced threat-centric SOC

CrowdStrike's EDR will be deployed in Valuepoint Techsol’s security operations center (SOC) to create a managed security service platform built on its machine learning and artificial intelligence capabilities. The EDR sensor monitors endpoints across the network and streams their telemetry automatically to CrowdStrike's cloud, where it is analysed to identify and remediate vulnerabilities and threats.

“Our collaboration with Valuepoint Techsol’s SOC creates a very innovative approach. The platform uses our intelligence along with Valuepoint Techsol’s managed security services in India. This adds a lot to the Indian cyber security community,” said Swaine.

CrowdStrike EDR Features

- Machine learning and AI capabilities
- Uses network telemetry
- Automated threat mitigation
- In-depth reports of security events
- Single console for all security tools
- Open APIs to link with other security solutions

AV vs EDR

Endpoint detection and response offers a clear edge over anti-virus, according to CrowdStrike. A 23 MB sensor that sends only 4 MB of telemetry in a 24 hour period is extremely light on the network compared with AV solutions, the company says, and it offers a single console across the various toolsets in use for better visibility and reporting. The more important difference, though, is the detection model: AV decides file by file whether something matches a known signature, whereas EDR records what processes on the endpoint actually do and judges sequences of events, which is what lets it see attacks that never write a malicious file to disk.

“In a typical SOC, you need to perform correlation and store file logs for years because you come under certain compliance requirements. What we see about this approach is that it is mostly dependent on humans. With our solution, it’s automated. The solution uses a single management console which is easy to monitor, compared to using multiple consoles, which is usually the case,” said Ashok Prabhu, CEO, Valuepoint Techsol.

“We had a traditional anti-virus that was signature-based. Every time you need to update the signature manually, and that was a big task for us; also, visibility was not there. So, we moved away from the signature-based system and found Crowdstrike's EDR, which is automated, has a minimal footprint and is easy to run. We have complete visibility and full insights of our network,” said S Srinivas, General Manager – IT Infrastructure / Security at The Himalaya Drug Company.

Protection against Fileless attacks

According to a study by the Ponemon Institute, 77 percent of successful attacks used fileless techniques, and fileless attacks are ten times more likely to succeed than file-based ones. CrowdStrike says its EDR solution is effective against fileless attacks, which most current antivirus solutions fail to detect because there is no malicious file on disk for a scanner to match.

“Traditional security tools create filters which determine good from bad. This solves the problem only when you know you have malware. But, we know from reports that the majority of attacks are fileless, which most traditional anti-virus systems are unable to detect. Our approach to mitigate fileless attacks is layering a series of threat events together in sequence and having visibility by looking at the whole attack process, not just one file filled with malware,” said Swaine.
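The contrast drawn in the AV vs EDR section and in Swaine's description of chaining events into a whole attack process is easier to see in code. The following is an added example written for this article; it is not CrowdStrike's code and does not reproduce any vendor's detection logic. It runs a hash-based signature check and one hand-written sequence rule over a few constructed endpoint telemetry events. The host names, process tree, command lines, destination address, the "known bad" hash and the rule itself are all assumptions made for illustration.

```python
"""Signature matching versus sequence-based behavioural detection.

Added example for this article: not CrowdStrike code and not a reproduction
of any vendor's detection logic. Every event, hash, host name and the one
rule below are constructed for illustration.
"""
import hashlib

# Constructed endpoint telemetry, in the order a sensor would record it.
# ws01 carries a fileless chain: Outlook -> Word -> encoded PowerShell -> C2.
# ws02 carries a benign chain: Explorer -> PowerShell running a script -> SMB.
TELEMETRY = [
    {"ts": 1, "host": "ws01", "type": "process_start", "pid": 400, "ppid": 1,
     "image": "outlook.exe", "cmdline": "outlook.exe"},
    {"ts": 2, "host": "ws01", "type": "process_start", "pid": 412, "ppid": 400,
     "image": "winword.exe", "cmdline": "winword.exe /n invoice.docm"},
    {"ts": 3, "host": "ws01", "type": "process_start", "pid": 420, "ppid": 412,
     "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"ts": 4, "host": "ws01", "type": "network_connect", "pid": 420,
     "dest": "203.0.113.7:443"},
    {"ts": 5, "host": "ws02", "type": "process_start", "pid": 900, "ppid": 1,
     "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"ts": 6, "host": "ws02", "type": "process_start", "pid": 910, "ppid": 900,
     "image": "powershell.exe", "cmdline": "powershell.exe -File backup.ps1"},
    {"ts": 7, "host": "ws02", "type": "network_connect", "pid": 910,
     "dest": "10.0.0.5:445"},
]

# Stand-in for a signature database: the SHA-256 of a constructed dropper.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed dropper contents").hexdigest()}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def signature_scan(events, bad_hashes=KNOWN_BAD_SHA256):
    """Signature-style check: flag file writes whose hash is on the bad list.
    A chain that never drops a file to disk produces nothing to match."""
    return [e for e in events
            if e["type"] == "file_write" and e.get("sha256") in bad_hashes]


def process_index(events):
    """Map (host, pid) -> process_start event so ancestry can be walked."""
    return {(e["host"], e["pid"]): e
            for e in events if e["type"] == "process_start"}


def ancestry(idx, host, pid, limit=8):
    """Image names from pid up towards the root, nearest process first."""
    chain = []
    key = (host, pid)
    while key in idx and len(chain) < limit:
        proc = idx[key]
        chain.append(proc["image"])
        key = (host, proc["ppid"])
    return chain


def sequence_detect(events):
    """Behavioural rule over the ordered event stream: an Office application
    spawned PowerShell with an encoded command, and that PowerShell process
    then opened a network connection. None of the three events is malicious
    alone; the ordered combination is the indicator of attack."""
    idx = process_index(events)
    indicators = []
    for e in events:
        if e["type"] != "network_connect":
            continue
        chain = ancestry(idx, e["host"], e["pid"])
        if len(chain) < 2 or chain[0] != "powershell.exe":
            continue
        cmdline = idx[(e["host"], e["pid"])]["cmdline"].lower().split()
        if chain[1] in OFFICE_APPS and "-enc" in cmdline:
            indicators.append({
                "host": e["host"], "pid": e["pid"], "chain": chain,
                "dest": e["dest"],
                "reason": "office app -> encoded PowerShell -> outbound connection",
            })
    return indicators


if __name__ == "__main__":
    print("signature matches:", signature_scan(TELEMETRY))
    for ioa in sequence_detect(TELEMETRY):
        print("IoA on", ioa["host"], "pid", ioa["pid"], ":",
              " <- ".join(ioa["chain"]), "->", ioa["dest"])
```

Run as a script, the signature scan returns nothing, because the ws01 chain never writes a file, while the sequence rule raises one indicator for ws01 and stays quiet on ws02, where PowerShell was launched from Explorer without an encoded command. Two caveats for anyone adapting this: the rule is a single boolean written by hand, whereas a production EDR evaluates many such behaviours and scores them; and the `-enc` token check is deliberately narrow, since PowerShell accepts any unambiguous prefix of `-EncodedCommand` (`-e`, `-ec` and so on), so a real rule would decode the argument and match on what it does rather than on how the flag was spelled.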


“Crowdstrike ingests 62 billion events per day. This database of knowledge is what powers the threat-centric SOC solution. So, using telemetry information from the customers and intelligence gathered by experts from all sorts of places, including the dark web, we generate for clients what we call Indicators of Attack (IoA) before an attack is likely to happen,” said Swaine.

Machine learning and artificial intelligence are expected to see wide adoption in security in the coming years. It will be interesting to see how much traction EDR solutions such as CrowdStrike’s gain as more security professionals run into the inability of signature-based anti-virus to deal with advanced attacks.